Tux Machines


Security: ConductorOne and Too Much Panic Over ksmbd


Posted by Roy Schestowitz on Dec 26, 2022





Open-source tool for security engineers helps automate access reviews - Help Net Security


> ConductorOne open-sourced their identity connectors in a project called Baton, available on GitHub. Each connector gives developers the ability to extract, normalize, and interact with workforce identity data such as user accounts, permissions, roles, groups, resources, and more, so they can audit infrastructure access, start to automate user access reviews, and enforce the principle of least privilege.



Linux Kernel Security Bug Allows Remote Code Execution for Authenticated Remote Users - Slashdot [Ed: The severity of 10 is no longer 10 for the "Linux" flaw; it was SMB related and was downgraded later, days after all the drama]


> This new program, which was introduced to the kernel in 2021, was developed by Samsung. Its point was to deliver speedy SMB3 file-serving performance.... Any distro using the Linux kernel 5.15 or above is potentially vulnerable. This includes Ubuntu 22.04, and its descendants; Deepin Linux 20.3; and Slackware 15.



Critical Linux Kernel flaw affects SMB servers with ksmbd enabled [Ed: No, the severity is not 10!]


> Experts warn of a critical Linux Kernel vulnerability (CVSS score of 10) impacting SMB servers that can lead to remote code execution.



